| |
| |
| <!DOCTYPE html> |
| <!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]--> |
| <!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]--> |
| <head> |
| <meta charset="utf-8"> |
| |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> |
| |
| <title>Using roles — Apache Usergrid 2.x documentation</title> |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" /> |
| |
| |
| |
| |
| |
| <link rel="top" title="Apache Usergrid 2.x documentation" href="../index.html"/> |
| <link rel="next" title="Authenticating users & app clients" href="authenticating-users-and-application-clients.html"/> |
| <link rel="prev" title="Using permissions" href="using-permissions.html"/> |
| |
| |
| <script src="../_static/js/modernizr.min.js"></script> |
| |
| </head> |
| |
| <body class="wy-body-for-nav" role="document"> |
| |
| <div class="wy-grid-for-nav"> |
| |
| |
| |
| <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> |
| |
| |
| |
| |
| |
| <div class="wy-nav-content"> |
| <div class="rst-content"> |
| <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article"> |
| <div itemprop="articleBody"> |
| |
| <div class="section" id="using-roles"> |
| <h1>Using roles<a class="headerlink" href="#using-roles" title="Permalink to this headline">¶</a></h1> |
| <p>Roles are named sets of one or more permissions, and are useful for |
| defining specific access levels to resources in your Usergrid data |
| store. Multiple roles can be assigned to a user or group, giving you a |
| great deal of flexibility in how access to resources is defined.</p> |
| <p>For example, in a blogging app you might create a ‘reviewer’ role that |
| allows GET and PUT access to an articles collection to allow the user to |
| retrieve and update articles, but not allow them to create new articles.</p> |
| <div class="section" id="default-roles"> |
| <h2>Default roles<a class="headerlink" href="#default-roles" title="Permalink to this headline">¶</a></h2> |
| <p>While you can create as many custom roles as you want per application, |
| all Usergrid applications include three default roles. These roles each |
| serve a special purpose and should not be deleted; however, you can and |
| should adjust the permissions assigned to these roles to suit the needs |
| of your app.</p> |
| <p>The following table describes each pre-defined role, and the permissions |
| that are assigned to them by default.</p> |
| <table class="usergrid-table"> |
| <tr> |
| <th><p>Role</p> |
| </th> |
| <th class="usergrid-30"><p>Permissions</p> |
| </th> |
| <th><p>Description</p> |
| </th> |
| </tr> |
| <tr> |
| <td><p>Guest</p> |
| </td> |
| <td><ul class="simple"> |
| <li>post: /devices</li> |
| <li>post: /users</li> |
| <li>put: /devices/*</li> |
| </ul> |
| </td> |
| <td><p>Assigned to all unauthenticated requests. Includes a basic set of |
| permissions that are commonly needed by unregistered or unauthenticated |
| users.</p> |
| <p>Grants permission for a user to create a user account and for their |
| device to be registered.</p> |
| </td> |
| </tr> |
| <tr> |
| <td><p>Default</p> |
| </td> |
| <td><ul class="simple"> |
| <li>get, post, put, delete: /**</li> |
| </ul> |
| </td> |
| <td><p>Default for authenticated users. Assigns the associated permissions to |
| all users whose requests are authenticated with a valid access token.</p> |
| <div class="admonition warning"><p class="first admonition-title">WARNING</p> |
| <p class="last">By default, <strong>grants full access for all resources in your |
| application</strong>. A first task in securing your application should be to |
| restrict access by redefining this role to narrow the access it |
| provides. Remove the default full permission rule and add restrictive |
| permission rules for a production deployment.</p> |
| </div></td> |
| </tr> |
| <tr> |
| <td><p>Administrator</p> |
| </td> |
| <td><p>None</p> |
| </td> |
| <td><p>Unused until you associate it with users or groups. By default, it |
| includes no permissions and grants no access. Consider this a |
| blank slate: add permission rules and associate this role with users and |
| groups as needed.</p> |
| <div class="admonition note"><p class="first admonition-title">NOTE</p> |
| <p class="last">The Administrator role is not the same as an organization |
| administrator, that is, someone who authenticates as an Admin User. The |
| Admin User is an implicit user created when you create an organization. |
| After authenticating, the Admin User has full access to all of the |
| administration features of the Usergrid API. By comparison, the |
| Administrator role is simply a role (initially without permissions) that |
| can be assigned to any user.</p> |
| </div></td> |
| </tr> |
| </table></div> |
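<p>The following audit sketch is an added example, not part of the Usergrid documentation or code base. It checks a set of roles for rules that cover the whole application and shows why a narrow role has no effect while the shipped Default role is in place. The Ant-style wildcard matching, the probe paths, the <code>reviewer</code> rule and the narrowed Default rule are assumptions made for illustration.</p>

```python
import re

VERBS = frozenset({"get", "post", "put", "delete"})
WRITE_VERBS = frozenset({"post", "put", "delete"})

# Constructed input: the three default roles with the permissions listed in the
# table above, plus a 'reviewer' role modelled on the blogging example.
ROLES = {
    "guest": ["post:/devices", "post:/users", "put:/devices/*"],
    "default": ["get,post,put,delete:/**"],
    "administrator": [],
    "reviewer": ["get,put:/articles/**"],
}
# Hypothetical narrowed replacement for the Default role's rules.
HARDENED_DEFAULT = ["get,put:/users/me/**"]

# Constructed paths that no narrowly scoped rule should match.
PROBES = ("/zz-probe", "/zz-probe/a/b")


def parse_rule(rule):
    """Split '<verb>[,<verb>...]:<path pattern>' into (verbs, pattern)."""
    verbs, sep, pattern = rule.partition(":")
    verb_set = frozenset(v.strip().lower() for v in verbs.split(","))
    if not sep or not pattern.startswith("/") or not verb_set <= VERBS:
        raise ValueError(f"malformed permission rule: {rule!r}")
    return verb_set, pattern


def pattern_to_regex(pattern):
    """Assumed Ant-style semantics: '*' stays in one segment, '**' crosses '/'."""
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i) and i + 3 == len(pattern):
            parts.append("(?:/.*)?")  # trailing /** also matches the parent path
            i += 3
        elif pattern.startswith("**", i):
            parts.append(".*")
            i += 2
        elif pattern[i] == "*":
            parts.append("[^/]*")
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(parts))


def rule_allows(rule, verb, path):
    """True when a single rule grants `verb` on `path`."""
    verbs, pattern = parse_rule(rule)
    return verb.lower() in verbs and pattern_to_regex(pattern).fullmatch(path) is not None


def effective_allows(assigned, roles, verb, path, authenticated=True):
    """Union of rules: Guest when unauthenticated, else Default plus assigned roles.

    `assigned` should list roles held directly and those inherited from groups.
    """
    names = ["default", *assigned] if authenticated else ["guest"]
    return any(rule_allows(r, verb, path) for n in names for r in roles.get(n, []))


def audit(roles):
    """Return (role, rule, write verbs) for every rule that covers the whole app."""
    findings = []
    for name, rules in roles.items():
        for rule in rules:
            verbs, pattern = parse_rule(rule)
            rx = pattern_to_regex(pattern)
            if all(rx.fullmatch(p) for p in PROBES):
                findings.append((name, rule, sorted(verbs & WRITE_VERBS)))
    return findings


if __name__ == "__main__":
    for role, rule, writes in audit(ROLES):
        print(f"role {role!r}: rule {rule!r} covers every path (write verbs: {writes})")
    hardened = dict(ROLES, default=HARDENED_DEFAULT)
    for label, roles in (("shipped", ROLES), ("hardened", hardened)):
        ok = effective_allows(["reviewer"], roles, "post", "/articles")
        print(f"{label} Default: reviewer POST /articles allowed = {ok}")
```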
| <div class="section" id="creating-roles"> |
| <h2>Creating roles<a class="headerlink" href="#creating-roles" title="Permalink to this headline">¶</a></h2> |
| <p>Generally, it is easiest to create a role for each access type you |
| want to enable in your app. You may, however, assign multiple roles to |
| any user or group entity, so you have the flexibility to define any |
| schema for applying roles that you like.</p> |
| <p>The following shows how to create a new role and assign permissions to |
| it.</p> |
| <div class="section" id="request-syntax"> |
| <h3>Request syntax<a class="headerlink" href="#request-syntax" title="Permalink to this headline">¶</a></h3> |
| <p>With cURL requests a role entity is created with a POST request, then |
| permissions must be assigned to it with a separate request. For more on |
| assigning permissions with cURL, see <a class="reference external" href="security-and-auth/using-permissions.html">Using |
| Permissions</a>.</p> |
| <p>The following details how to create a new role entity.</p> |
| <div class="highlight-python"><div class="highlight"><pre>curl -X POST https://api.usergrid.com/<org>/<app>/roles -d '{"name":<roleName>}' |
| </pre></div> |
| </div> |
| <p>Parameters</p> |
| <table border="1" class="docutils"> |
| <colgroup> |
| <col width="24%" /> |
| <col width="76%" /> |
| </colgroup> |
| <thead valign="bottom"> |
| <tr class="row-odd"><th class="head">Parameter</th> |
| <th class="head">Description</th> |
| </tr> |
| </thead> |
| <tbody valign="top"> |
| <tr class="row-even"><td>org</td> |
| <td>Organization UUID or organization name</td> |
| </tr> |
| <tr class="row-odd"><td>app</td> |
| <td>Application UUID or application name</td> |
| </tr> |
| <tr class="row-even"><td>roleName</td> |
| <td>The name of the role to be created</td> |
| </tr> |
| </tbody> |
| </table> |
| </div> |
| <div class="section" id="example-request"> |
| <h3>Example request<a class="headerlink" href="#example-request" title="Permalink to this headline">¶</a></h3> |
| <div class="highlight-python"><div class="highlight"><pre>curl -X POST "https://api.usergrid.com/my-org/my-app/roles/" -d '{"name":"manager"}' |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="example-response"> |
| <h3>Example response<a class="headerlink" href="#example-response" title="Permalink to this headline">¶</a></h3> |
| <div class="highlight-python"><div class="highlight"><pre><span class="p">{</span> |
| <span class="s">"action"</span> <span class="p">:</span> <span class="s">"post"</span><span class="p">,</span> |
| <span class="s">"application"</span> <span class="p">:</span> <span class="s">"f34f4222-a166-11e2-a7f7-02e81adcf3d0"</span><span class="p">,</span> |
| <span class="s">"params"</span> <span class="p">:</span> <span class="p">{</span> <span class="p">},</span> |
| <span class="s">"path"</span> <span class="p">:</span> <span class="s">"/roles"</span><span class="p">,</span> |
| <span class="s">"uri"</span> <span class="p">:</span> <span class="s">"https://api.usergrid.com/your-org/your-app/roles"</span><span class="p">,</span> |
| <span class="s">"entities"</span> <span class="p">:</span> <span class="p">[</span> <span class="p">{</span> |
| <span class="s">"uuid"</span> <span class="p">:</span> <span class="s">"382d0991-74bb-3548-8166-6b07e44495ef"</span><span class="p">,</span> |
| <span class="s">"type"</span> <span class="p">:</span> <span class="s">"role"</span><span class="p">,</span> |
| <span class="s">"name"</span> <span class="p">:</span> <span class="s">"manager"</span><span class="p">,</span> |
| <span class="s">"created"</span> <span class="p">:</span> <span class="mi">1402612783104</span><span class="p">,</span> |
| <span class="s">"modified"</span> <span class="p">:</span> <span class="mi">1402612783104</span><span class="p">,</span> |
| <span class="s">"roleName"</span> <span class="p">:</span> <span class="s">"manager"</span><span class="p">,</span> |
| <span class="s">"title"</span> <span class="p">:</span> <span class="s">"manager"</span><span class="p">,</span> |
| <span class="s">"inactivity"</span> <span class="p">:</span> <span class="mi">0</span><span class="p">,</span> |
| <span class="s">"metadata"</span> <span class="p">:</span> <span class="p">{</span> |
| <span class="s">"path"</span> <span class="p">:</span> <span class="s">"/roles/382d0991-74bb-3548-8166-6b07e44495ef"</span><span class="p">,</span> |
| <span class="s">"sets"</span> <span class="p">:</span> <span class="p">{</span> |
| <span class="s">"permissions"</span> <span class="p">:</span> <span class="s">"/roles/382d0991-74bb-3548-8166-6b07e44495ef/permissions"</span> |
| <span class="p">},</span> |
| <span class="s">"collections"</span> <span class="p">:</span> <span class="p">{</span> |
| <span class="s">"groups"</span> <span class="p">:</span> <span class="s">"/roles/382d0991-74bb-3548-8166-6b07e44495ef/groups"</span><span class="p">,</span> |
| <span class="s">"users"</span> <span class="p">:</span> <span class="s">"/roles/382d0991-74bb-3548-8166-6b07e44495ef/users"</span> |
| <span class="p">}</span> |
| <span class="p">}</span> |
| <span class="p">}</span> <span class="p">],</span> |
| <span class="s">"timestamp"</span> <span class="p">:</span> <span class="mi">1402612783102</span><span class="p">,</span> |
| <span class="s">"duration"</span> <span class="p">:</span> <span class="mi">30</span><span class="p">,</span> |
| <span class="s">"organization"</span> <span class="p">:</span> <span class="s">"your-org"</span><span class="p">,</span> |
| <span class="s">"applicationName"</span> <span class="p">:</span> <span class="s">"your-app"</span> |
| <span class="p">}</span> |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="creating-roles-in-the-admin-portal"> |
| <h3>Creating Roles in the Admin Portal<a class="headerlink" href="#creating-roles-in-the-admin-portal" title="Permalink to this headline">¶</a></h3> |
| <ol class="arabic simple"> |
| <li>In the left sidebar of the Usergrid portal, click Users > Roles. This |
| displays the roles defined for the application. Click the ‘+’ button.</li> |
| <li>In the dialog box, provide a ‘title’ and ‘role name.’ A title is an |
| alias for the role name.</li> |
| <li>Click ‘Create’. The role will be created, but will not have any |
| permissions assigned to it.</li> |
| <li>Click the role you created in the list.</li> |
| <li>Click the ‘Add permissions’ button.</li> |
| <li>In the dialog box, click the check boxes for the HTTP methods you |
| want to grant permissions for, and enter the resource path in the |
| ‘Path’ field.</li> |
| <li>The ‘Inactivity’ field lets you control automatic user logout during |
| periods of inactivity. Set a number of seconds of inactivity before |
| users assigned to this role are automatically logged out.</li> |
| </ol> |
| </div> |
| </div> |
| <div class="section" id="assigning-roles"> |
| <h2>Assigning roles<a class="headerlink" href="#assigning-roles" title="Permalink to this headline">¶</a></h2> |
| <p>Once you have created some roles, you will need to explicitly assign |
| them to a user or group entity. The permissions associated with that |
| role will be granted to the entity immediately for any requests they |
| send that are authenticated by a valid access token. Please note that |
| assigning a role to a group will grant the associated permissions to |
| every user in that group.</p> |
| <p>The following shows how to assign a role to an entity.</p> |
| <div class="section" id="id1"> |
| <h3>Request syntax<a class="headerlink" href="#id1" title="Permalink to this headline">¶</a></h3> |
| <div class="highlight-python"><div class="highlight"><pre>curl -X POST https://api.usergrid.com/<org>/<app>/roles/<roleName>/<entityType>/<entityID> |
| </pre></div> |
| </div> |
| <p>Parameters</p> |
| <table border="1" class="docutils"> |
| <colgroup> |
| <col width="13%" /> |
| <col width="87%" /> |
| </colgroup> |
| <thead valign="bottom"> |
| <tr class="row-odd"><th class="head">Parameter</th> |
| <th class="head">Description</th> |
| </tr> |
| </thead> |
| <tbody valign="top"> |
| <tr class="row-even"><td>org</td> |
| <td>Organization UUID or organization name</td> |
| </tr> |
| <tr class="row-odd"><td>app</td> |
| <td>Application UUID or application name</td> |
| </tr> |
| <tr class="row-even"><td>roleName</td> |
| <td>The name of the role to be assigned</td> |
| </tr> |
| <tr class="row-odd"><td>entityType</td> |
| <td>The type of the entity the role is being assigned to. ‘Group’ and ‘user’ are valid values.</td> |
| </tr> |
| <tr class="row-even"><td>entityID</td> |
| <td>The UUID of the entity the role is being assigned to.</td> |
| </tr> |
| </tbody> |
| </table> |
| <p>For groups, the ‘name’ property can be used. For users, the ‘username’ |
| property can be used.</p> |
| </div> |
| <div class="section" id="id2"> |
| <h3>Example request<a class="headerlink" href="#id2" title="Permalink to this headline">¶</a></h3> |
| <div class="highlight-python"><div class="highlight"><pre>curl -X POST "https://api.usergrid.com/my-org/my-app/roles/manager/users/someUser" |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="id3"> |
| <h3>Example response<a class="headerlink" href="#id3" title="Permalink to this headline">¶</a></h3> |
| <div class="highlight-python"><div class="highlight"><pre><span class="p">{</span> |
| <span class="s">"action"</span> <span class="p">:</span> <span class="s">"post"</span><span class="p">,</span> |
| <span class="s">"application"</span> <span class="p">:</span> <span class="s">"f34f4222-a166-11e2-a7f7-02e81adcf3d0"</span><span class="p">,</span> |
| <span class="s">"params"</span> <span class="p">:</span> <span class="p">{</span> <span class="p">},</span> |
| <span class="s">"path"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users"</span><span class="p">,</span> |
| <span class="s">"uri"</span> <span class="p">:</span> <span class="s">"https://api.usergrid.com/your-org/your-app/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users"</span><span class="p">,</span> |
| <span class="s">"entities"</span> <span class="p">:</span> <span class="p">[</span> <span class="p">{</span> |
| <span class="s">"uuid"</span> <span class="p">:</span> <span class="s">"410b213a-b379-11e3-a0e5-9953085ea376"</span><span class="p">,</span> |
| <span class="s">"type"</span> <span class="p">:</span> <span class="s">"user"</span><span class="p">,</span> |
| <span class="s">"name"</span> <span class="p">:</span> <span class="s">"someUser"</span><span class="p">,</span> |
| <span class="s">"created"</span> <span class="p">:</span> <span class="mi">1395681911491</span><span class="p">,</span> |
| <span class="s">"modified"</span> <span class="p">:</span> <span class="mi">1399070010291</span><span class="p">,</span> |
| <span class="s">"username"</span> <span class="p">:</span> <span class="s">"someUser"</span><span class="p">,</span> |
| <span class="s">"activated"</span> <span class="p">:</span> <span class="n">true</span><span class="p">,</span> |
| <span class="s">"file"</span> <span class="p">:</span> <span class="s">"fobnszewobnioerabnoiawegbrn</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> |
| <span class="s">"metadata"</span> <span class="p">:</span> <span class="p">{</span> |
| <span class="s">"connecting"</span> <span class="p">:</span> <span class="p">{</span> |
| <span class="s">"friends"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/connecting/friends"</span><span class="p">,</span> |
| <span class="s">"likes"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/connecting/likes"</span> |
| <span class="p">},</span> |
| <span class="s">"path"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376"</span><span class="p">,</span> |
| <span class="s">"sets"</span> <span class="p">:</span> <span class="p">{</span> |
| <span class="s">"rolenames"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/roles"</span><span class="p">,</span> |
| <span class="s">"permissions"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/permissions"</span> |
| <span class="p">},</span> |
| <span class="s">"connections"</span> <span class="p">:</span> <span class="p">{</span> |
| <span class="s">"completed"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/completed"</span><span class="p">,</span> |
| <span class="s">"follows"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/follows"</span> |
| <span class="p">},</span> |
| <span class="s">"collections"</span> <span class="p">:</span> <span class="p">{</span> |
| <span class="s">"activities"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/activities"</span><span class="p">,</span> |
| <span class="s">"devices"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/devices"</span><span class="p">,</span> |
| <span class="s">"feed"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/feed"</span><span class="p">,</span> |
| <span class="s">"groups"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/groups"</span><span class="p">,</span> |
| <span class="s">"roles"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/roles"</span><span class="p">,</span> |
| <span class="s">"following"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/following"</span><span class="p">,</span> |
| <span class="s">"followers"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/followers"</span> |
| <span class="p">}</span> |
| <span class="p">}</span> |
| <span class="p">}</span> <span class="p">],</span> |
| <span class="s">"timestamp"</span> <span class="p">:</span> <span class="mi">1402965083889</span><span class="p">,</span> |
| <span class="s">"duration"</span> <span class="p">:</span> <span class="mi">41</span><span class="p">,</span> |
| <span class="s">"organization"</span> <span class="p">:</span> <span class="s">"your-org"</span><span class="p">,</span> |
| <span class="s">"applicationName"</span> <span class="p">:</span> <span class="s">"your-app"</span> |
| <span class="p">}</span> |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="assigning-roles-in-the-admin-portal"> |
| <h3>Assigning Roles in the Admin Portal<a class="headerlink" href="#assigning-roles-in-the-admin-portal" title="Permalink to this headline">¶</a></h3> |
| <p>The easiest way to assign roles to user or group entities is to use the |
| ‘Users’ tab of the Usergrid admin portal, by doing the following:</p> |
| <ol class="arabic simple"> |
| <li>In the left sidebar of the admin portal, click Users > Users or Users |
| > Groups to display either the list of users or groups in your |
| application.</li> |
| <li>In the list, click the name of the user or group entity you want to |
| assign roles to. Its details are displayed in the right pane.</li> |
| <li>Click the ‘Roles & Permissions’ tab above the right pane.</li> |
| <li>Click the ‘Add Role’ button.</li> |
| <li>In the popup, select a role from the drop down menu.</li> |
| <li>Click the ‘Add’ button.</li> |
| </ol> |
| </div> |
| </div> |
| <div class="section" id="removing-roles"> |
| <h2>Removing roles<a class="headerlink" href="#removing-roles" title="Permalink to this headline">¶</a></h2> |
| <p>At times it may be necessary to remove a role from a user or group |
| entity, for example if a user changes jobs, or the duties of a group are |
| altered. Please note that removing a role from a group will remove the |
| associated permissions from every user in that group.</p> |
| <p>The following shows how to remove a role from an entity.</p> |
| <div class="section" id="id4"> |
| <h3>Request syntax<a class="headerlink" href="#id4" title="Permalink to this headline">¶</a></h3> |
| <div class="highlight-python"><div class="highlight"><pre>curl -X DELETE https://api.usergrid.com/<org>/<app>/roles/<roleName>/<entityType>/<entityID> |
| </pre></div> |
| </div> |
| <p>Parameters</p> |
| <table border="1" class="docutils"> |
| <colgroup> |
| <col width="13%" /> |
| <col width="87%" /> |
| </colgroup> |
| <thead valign="bottom"> |
| <tr class="row-odd"><th class="head">Parameter</th> |
| <th class="head">Description</th> |
| </tr> |
| </thead> |
| <tbody valign="top"> |
| <tr class="row-even"><td>org</td> |
| <td>Organization UUID or organization name</td> |
| </tr> |
| <tr class="row-odd"><td>app</td> |
| <td>Application UUID or application name</td> |
| </tr> |
| <tr class="row-even"><td>roleName</td> |
| <td>The name of the role to be removed from the entity</td> |
| </tr> |
| <tr class="row-odd"><td>entityType</td> |
| <td>The type of the entity the role is being removed from. ‘Group’ and ‘user’ are valid values.</td> |
| </tr> |
| <tr class="row-even"><td>entityID</td> |
| <td>The UUID of the entity the role is being removed from.</td> |
| </tr> |
| </tbody> |
| </table> |
| <p>For groups, the ‘name’ property can be used. For users, the ‘username’ |
| property can be used.</p> |
| </div> |
| <div class="section" id="id5"> |
| <h3>Example request<a class="headerlink" href="#id5" title="Permalink to this headline">¶</a></h3> |
| <div class="highlight-python"><div class="highlight"><pre>curl -X DELETE https://api.usergrid.com/my-org/my-app/roles/manager/users/someUser |
| </pre></div> |
| </div> |
| </div> |
| <div class="section" id="id6"> |
| <h3>Example response<a class="headerlink" href="#id6" title="Permalink to this headline">¶</a></h3> |
| <div class="highlight-python"><div class="highlight"><pre><span class="p">{</span> |
| <span class="s">"action"</span> <span class="p">:</span> <span class="s">"delete"</span><span class="p">,</span> |
| <span class="s">"application"</span> <span class="p">:</span> <span class="s">"f34f4222-a166-11e2-a7f7-02e81adcf3d0"</span><span class="p">,</span> |
| <span class="s">"params"</span> <span class="p">:</span> <span class="p">{</span> <span class="p">},</span> |
| <span class="s">"path"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users"</span><span class="p">,</span> |
| <span class="s">"uri"</span> <span class="p">:</span> <span class="s">"https://api.usergrid.com/your-org/your-app/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users"</span><span class="p">,</span> |
| <span class="s">"entities"</span> <span class="p">:</span> <span class="p">[</span> <span class="p">{</span> |
| <span class="s">"uuid"</span> <span class="p">:</span> <span class="s">"410b213a-b379-11e3-a0e5-9953085ea376"</span><span class="p">,</span> |
| <span class="s">"type"</span> <span class="p">:</span> <span class="s">"user"</span><span class="p">,</span> |
| <span class="s">"name"</span> <span class="p">:</span> <span class="s">"someUser"</span><span class="p">,</span> |
| <span class="s">"created"</span> <span class="p">:</span> <span class="mi">1395681911491</span><span class="p">,</span> |
| <span class="s">"modified"</span> <span class="p">:</span> <span class="mi">1399070010291</span><span class="p">,</span> |
| <span class="s">"username"</span> <span class="p">:</span> <span class="s">"someUser"</span><span class="p">,</span> |
| <span class="s">"activated"</span> <span class="p">:</span> <span class="n">true</span><span class="p">,</span> |
| <span class="s">"metadata"</span> <span class="p">:</span> <span class="p">{</span> |
| <span class="s">"connecting"</span> <span class="p">:</span> <span class="p">{</span> |
| <span class="s">"friends"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/connecting/friends"</span><span class="p">,</span> |
| <span class="s">"likes"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/connecting/likes"</span> |
| <span class="p">},</span> |
| <span class="s">"path"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376"</span><span class="p">,</span> |
| <span class="s">"sets"</span> <span class="p">:</span> <span class="p">{</span> |
| <span class="s">"rolenames"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/roles"</span><span class="p">,</span> |
| <span class="s">"permissions"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/permissions"</span> |
| <span class="p">},</span> |
| <span class="s">"connections"</span> <span class="p">:</span> <span class="p">{</span> |
| <span class="s">"completed"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/completed"</span><span class="p">,</span> |
| <span class="s">"follows"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/follows"</span> |
| <span class="p">},</span> |
| <span class="s">"collections"</span> <span class="p">:</span> <span class="p">{</span> |
| <span class="s">"activities"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/activities"</span><span class="p">,</span> |
| <span class="s">"devices"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/devices"</span><span class="p">,</span> |
| <span class="s">"feed"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/feed"</span><span class="p">,</span> |
| <span class="s">"groups"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/groups"</span><span class="p">,</span> |
| <span class="s">"roles"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/roles"</span><span class="p">,</span> |
| <span class="s">"following"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/following"</span><span class="p">,</span> |
| <span class="s">"followers"</span> <span class="p">:</span> <span class="s">"/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users/410b213a-b379-11e3-a0e5-9953085ea376/followers"</span> |
| <span class="p">}</span> |
| <span class="p">}</span> |
| <span class="p">}</span> <span class="p">],</span> |
| <span class="s">"timestamp"</span> <span class="p">:</span> <span class="mi">1403214283808</span><span class="p">,</span> |
| <span class="s">"duration"</span> <span class="p">:</span> <span class="mi">358</span><span class="p">,</span> |
| <span class="s">"organization"</span> <span class="p">:</span> <span class="s">"your-org"</span><span class="p">,</span> |
| <span class="s">"applicationName"</span> <span class="p">:</span> <span class="s">"your-app"</span> |
| <span class="p">}</span> |
| </pre></div> |
| </div> |
| </div> |
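| <p>An added example, not part of the Usergrid documentation: one way to build the DELETE request URL from the request syntax above without letting an entity name alter the path, and to check the response before treating the role as removed. The function names, the plural collection mapping and the trimmed sample response are assumptions made for this illustration.</p> |

```python
from urllib.parse import quote

BASE_URL = "https://api.usergrid.com"  # host used in the page's examples
# Assumption: the path uses the plural collection name, as in the example request.
COLLECTIONS = {"user": "users", "users": "users", "group": "groups", "groups": "groups"}

# Constructed sample: the page's example response, trimmed to the fields checked here.
SAMPLE_RESPONSE = {
    "action": "delete",
    "path": "/roles/348388de-a5c5-3c1e-9de5-9efc8ad529d8/users",
    "entities": [{"uuid": "410b213a-b379-11e3-a0e5-9953085ea376",
                  "type": "user", "name": "someUser", "username": "someUser"}],
}


def _segment(value, label):
    """Percent-encode one path segment so it cannot split or climb the path."""
    if not isinstance(value, str) or value in ("", ".", ".."):
        raise ValueError(f"invalid {label}: {value!r}")
    return quote(value, safe="")  # '/', '?' and '#' become %2F, %3F and %23


def role_removal_url(org, app, role_name, entity_type, entity_id):
    """Build the URL for: DELETE /org/app/roles/roleName/entityType/entityID."""
    collection = COLLECTIONS.get(str(entity_type).lower())
    if collection is None:
        raise ValueError(f"entity type must be user or group, got {entity_type!r}")
    parts = [_segment(org, "org"), _segment(app, "app"), "roles",
             _segment(role_name, "role name"), collection,
             _segment(entity_id, "entity id")]
    return BASE_URL + "/" + "/".join(parts)


def removal_confirmed(response, entity_type, entity_id):
    """True only if the response reports a delete under /roles/ for that entity."""
    if response.get("action") != "delete":
        return False
    if not str(response.get("path", "")).startswith("/roles/"):
        return False
    wanted = COLLECTIONS.get(str(entity_type).lower(), "").rstrip("s")
    return any(e.get("type") == wanted and
               entity_id in (e.get("uuid"), e.get("username"), e.get("name"))
               for e in response.get("entities", []))


if __name__ == "__main__":
    print(role_removal_url("my-org", "my-app", "manager", "user", "someUser"))
    print(removal_confirmed(SAMPLE_RESPONSE, "user", "someUser"))
```
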
| <div class="section" id="removing-roles-in-the-admin-portal"> |
| <h3>Removing Roles in the Admin Portal<a class="headerlink" href="#removing-roles-in-the-admin-portal" title="Permalink to this headline">¶</a></h3> |
| <p>The easiest way to remove roles from user or group entities is to use |
| the ‘Users’ tab of the Usergrid admin portal, by doing the following:</p> |
| <ol class="arabic simple"> |
| <li>In the left sidebar of the Usergrid admin portal, click Users > Users |
| or Users > Groups to display either the list of users or groups in |
| your application.</li> |
| <li>In the list, click the name of the user or group entity you want to |
| remove roles from. Its details are displayed in the right pane.</li> |
| <li>Click the ‘Roles & Permissions’ tab above the right pane.</li> |
| <li>Click the role you created in the list.</li> |
| <li>Under ‘Roles’, click the checkbox beside the role you want to remove |
| from the entity.</li> |
| <li>Click the ‘Leave roles’ button.</li> |
| </ol> |
| </div> |
| </div> |
| </div> |
| |
| |
| </div> |
| </div> |
| <footer> |
| |
| |
| |
| <hr/> |
| |
| <div role="contentinfo"> |
| <p> |
| © Copyright 2013-2015, Apache Usergrid. |
| |
| </p> |
| </div> |
| |
| </footer> |
| |
| </div> |
| </div> |
| |
| </section> |
| |
| </div> |
| |
| |
| |
| |
| |
| <script type="text/javascript"> |
| var DOCUMENTATION_OPTIONS = { |
| URL_ROOT:'../', |
| VERSION:'2.x', |
| COLLAPSE_INDEX:false, |
| FILE_SUFFIX:'.html', |
| HAS_SOURCE: true |
| }; |
| </script> |
| <script type="text/javascript" src="../_static/jquery.js"></script> |
| <script type="text/javascript" src="../_static/underscore.js"></script> |
| <script type="text/javascript" src="../_static/doctools.js"></script> |
| |
| |
| |
| |
| |
| <script type="text/javascript" src="../_static/js/theme.js"></script> |
| |
| |
| |
| |
| <script type="text/javascript"> |
| jQuery(function () { |
| SphinxRtdTheme.StickyNav.enable(); |
| }); |
| </script> |
| |
| |
| </body> |
| </html> |